Pexip: >> Pexip Infinity >> 34.0 Security Vulnerabilities
Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker (who already has access to execute code on one node within a Pexip Infinity installation) to impact the operation of other nodes within the installation.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-12-25
Pexip Infinity before 39.0 has Improper Input Validation in the media implementation, allowing a remote attacker to trigger a software abort via a crafted media stream, resulting in a denial of service.
CVSS Score
7.5
EPSS Score
0.002
Published
2025-12-25
Pexip Infinity 33.0 through 37.0 before 37.1 has improper input validation in signaling that allows an attacker to trigger a software abort, resulting in a denial of service.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-12-25
Pexip Infinity 32.0 through 37.1 before 37.2, in certain configurations of OTJ (One Touch Join) for Teams SIP Guest Join, has Improper Input Validation in the OTJ service, allowing a remote attacker to trigger a software abort via a crafted calendar invite, leading to a denial of service.
CVSS Score
5.9
EPSS Score
0.002
Published
2025-12-25
Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with Office 365 Legacy Exchange Tokens. This allows a remote attacker to read potentially sensitive data and excessively consume resources, leading to a denial of service.
CVSS Score
8.2
EPSS Score
0.001
Published
2025-12-25
Pexip Infinity before 37.0 has improper input validation in signalling that allows a remote attacker to trigger a software abort via a crafted signalling message, resulting in a denial of service.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-12-25
Signalling in Pexip Infinity 29 through 36.2 before 37.0 has improper input validation that allows remote attackers to trigger a temporary denial of service (software abort).
CVSS Score
7.5
EPSS Score
0.007
Published
2025-04-02
Pexip Infinity before 35.0 has improper input validation that allows remote attackers to trigger a denial of service (software abort) via a crafted signalling message.
CVSS Score
7.5
EPSS Score
0.007
Published
2025-04-02
Pexip Infinity before 34.1 has Improper Access Control for persons in a waiting room. They can see the conference roster list, and perform certain actions that should not be allowed before they are admitted to the meeting.
CVSS Score
4.3
EPSS Score
0.003
Published
2024-06-10